Chief compliance officers are always hungry for benchmarking data, for comparisons and insights around how their respective compliance programs stack up against other companies, especially in the same industry.  Compliance professionals, as a general rule, are collaborative and willing to share information with each other.  CCOs are an optimistic lot and enjoy sharing best practices, ideas and insights in order to further the ethics and compliance mission.

The compliance industry benefits from a robust vendor and service provider community (including yours truly) who are willing to provide feedback and promote information sharing among industry professionals, government regulators and prosecutors, and international organizations. 

NAVEX Global and KPMG have released two new surveys that reflect the rapid pace of growth, issues and trends in the compliance industry.  It is always valuable to review these reports and participate  if asked to respond to a survey.

Both surveys reflect the significant impact that  the COVID-19 pandemic had on compliance functions and the business landscape.  Work-from-home arrangements have now become a fixed part of the corporate workforce as companies implement hybrid workplace arrangements – more employees are demanding a mix of work from office and work from home arrangements.  Such a change has had – and will continue to have – a major impact on corporate governance.

ESG is the new popular buzzword and the precise relationship between ESG and compliance functions is still being settled.  It is a process that opens up compliance to the risk of being swallowed by a larger and cross-cutting ESG initiative.  I have warned compliance professionals to contribute and coordinate with ESG initiatives but to avoid taking responsibility or lead roles in the design, implementation and management of the ESG initiative.

NAVEX Global’s yearly report always provides valuable insights.  Given the obvious impact of the COVID-19 pandemic, compliance surveys are justifiably focused on this issue.  COVID-19 was a critical stress test for all companies and compliance programs.

Even in these challenging circumstances (or perhaps because of these circumstances), NAVEX Global found that nearly 30 percent of the surveyed compliance programs had increased in program maturity and confidence.  The number of reactive or basic compliance program declined.  As part of this trend, NAVEXX Global noted that there was a significant increase of program measures, continuous access to data and integration of risk management throughout company functions.

Considered in this framework, let’s look at some of the interesting results from NAVEX Global’s Definitive Risk and Compliance Benchmark Report and KPMG’s Chief Compliance Officer Survey.

While NAVEX found that the pandemic did not significantly disrupt risk and compliance functions, there was a significant change in company priorities – business continuity rose to the second highest priority, right behind data privacy and security.  Bribery and corruption was cited as the third-highest priority with 40 percent of respondents citing it as a top focus of their compliance activities.

Corporate culture was cited as an important aspect of risk and compliance decision-making and initiatives.  This finding reinforced the growing importance of corporate culture as a key “control” in all business operations and decision making.

The most troubling finding in the NAVEX Global report was the finding that a large number (approximately 65 percent) of companies reported that they are suffering from lack of resources.  This finding raises real concerns about the proper role of compliance functions in a corporate governance landscape.

Equally concerning was NAVEX’s finding that senior leadership support for compliance in the face of competing concerns declined to only 37 percent.  This result suggests that as soon as competing concerns arise, compliance support is jettisoned in favor of other business concerns.

NAVEX noted that compliance programs are rapidly expanding the collection of compliance-related data but fewer know exactly how to leverage use of the data to inform their compliance functions needed to build an effective continuous monitoring program.

KPMG’s 2021 Survey focused on the role and perspective of the CCO.

Nearly two third of respondents cited the use of automation and technology as the top ethics and compliance program enhancement needed in the short-term.  This reflects the growing adoption of automated solutions to mitigate risks and streamline workflows.  Approximately one-third of the respondents cited data analytics as the top area needed to enhance their compliance programs.

As to top regulatory and compliance areas needed to refine – the survey found that industry-specific regulations (39 percent) was the most often cited, with consumer protection (34 percent) and cyber information protection (28 percent) as the second and third most important, respectively.

A large number of CCOs are participating in ESG strategy planning, ESG policies, ESG risk assessments and business investments as part of their overall compliance responsibilities. 

In measuring a compliance program’s effectiveness, CCOs rely in descending order on the following sources: audit results (72 percent); regulatory actions (45 percent); training results (37 percent); employee survey results (34 percent) and investigative findings patterns (32 percent).

As part of the growing trend toward technology and data analytics, CCOs cited the following areas to enhance their program expertise: Data analytics (54 percent); IT Security (37 percent); Regulatory (30 percent); GRC technology (19 percent) and Investigations (17 percent).